summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb/fast.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/krb5/krb/fast.c')
-rw-r--r--src/lib/krb5/krb/fast.c42
1 files changed, 32 insertions, 10 deletions
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c
index e9f54be788..ef57e6d832 100644
--- a/src/lib/krb5/krb/fast.c
+++ b/src/lib/krb5/krb/fast.c
@@ -299,6 +299,8 @@ static krb5_error_code decrypt_fast_reply
free(scratch.data);
if (encrypted_response)
krb5_free_enc_data(context, encrypted_response);
+ if (local_resp)
+ krb5_free_fast_response(context, local_resp);
return retval;
}
@@ -376,9 +378,11 @@ krb5int_fast_process_error(krb5_context context, struct krb5int_fast_request_sta
fast_response->padata = NULL;
/*
* If there is more than the fx_error padata, then we want
- * to retry the error
+ * to retry the error if a cookie is present
*/
*retry = (*out_padata)[1] != NULL;
+ if (krb5int_find_pa_data(context, *out_padata, KRB5_PADATA_FX_COOKIE) == NULL)
+ *retry = 0;
}
if (fx_error)
krb5_free_error(context, fx_error);
@@ -408,14 +412,14 @@ krb5int_fast_process_error(krb5_context context, struct krb5int_fast_request_sta
krb5_error_code krb5int_fast_process_response
(krb5_context context, struct krb5int_fast_request_state *state,
krb5_kdc_rep *resp,
- krb5_keyblock **as_key)
+ krb5_keyblock **strengthen_key)
{
krb5_error_code retval = 0;
krb5_fast_response *fast_response = NULL;
krb5_data *encoded_ticket = NULL;
krb5_boolean cksum_valid;
krb5_clear_error_message(context);
- *as_key = NULL;
+ *strengthen_key = NULL;
if (state->armor_key == 0)
return 0;
retval = decrypt_fast_reply(context, state, resp->padata,
@@ -442,8 +446,8 @@ krb5_error_code krb5int_fast_process_response
krb5_free_principal(context, resp->client);
resp->client = fast_response->finished->client;
fast_response->finished->client = NULL;
- *as_key = fast_response->rep_key;
- fast_response->rep_key = NULL;
+ *strengthen_key = fast_response->strengthen_key;
+ fast_response->strengthen_key = NULL;
krb5_free_pa_data(context, resp->padata);
resp->padata = fast_response->padata;
fast_response->padata = NULL;
@@ -454,6 +458,29 @@ krb5_error_code krb5int_fast_process_response
krb5_free_data(context, encoded_ticket);
return retval;
}
+
+krb5_error_code krb5int_fast_reply_key(krb5_context context,
+ krb5_keyblock *strengthen_key,
+ krb5_keyblock *existing_key,
+ krb5_keyblock *out_key)
+{
+ krb5_keyblock *key = NULL;
+ krb5_error_code retval = 0;
+ krb5_free_keyblock_contents(context, out_key);
+ if (strengthen_key) {
+ retval = krb5_c_fx_cf2_simple(context, strengthen_key,
+ "strengthenkey", existing_key, "replykey", &key);
+ if (retval == 0) {
+ *out_key = *key;
+ free(key);
+ }
+ } else {
+ retval = krb5_copy_keyblock_contents(context, existing_key, out_key);
+ }
+ return retval;
+}
+
+
krb5_error_code
krb5int_fast_make_state( krb5_context context, struct krb5int_fast_request_state **state)
{
@@ -473,11 +500,6 @@ krb5int_fast_free_state( krb5_context context, struct krb5int_fast_request_state
/*We are responsible for none of the store in the fast_outer_req*/
krb5_free_keyblock(context, state->armor_key);
krb5_free_fast_armor(context, state->armor);
- if (state->cookie) {
- free(state->cookie->contents);
- free(state->cookie);
- state->cookie = NULL;
- }
free(state);
}
generated by cgit (git 2.34.1) at 2025-10-15 22:17:54 +0000